Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Is HIPAA Omnibus Good for mHealth Developers?

Posted on October 3, 2013 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This is a really good question. If you’re not sure of HIPAA omnibus, you might check out this video where Rita Bowen discusses HIPAA Omnibus.

The article linked above suggests that HIPAA omnibus is good because it narrows when you have to disclose of a possible breach (ie. lost or stolen laptop that was encrypted wouldn’t need disclosure probably) and that PHR software doesn’t fall under HIPAA unless it’s run by a health plan or healthcare provider.

I guess I agree that in some limited ways this is helpful for mobile health developers. However, the implications of business associates is the big part of HIPAA omnibus that should have many mobile health developers concerned. Before HIPAA omnibus, the covered entity (a healthcare provider) held liability for any breach. Hover, under HIPAA omnibus, the business associate shares that liability.

While it’s true that some mobile health applications won’t be considered a business associate, many more will be considered a business associate. If this is the case for your application, you better make sure you’re compliant with HIPAA or you’re subject to any fines or penalties for HIPAA violations just like the provider was previously.

The good thing is that all of this is sketched out. Being HIPAA compliant is doable for a mobile health developer, but I’m afraid that many aren’t taking it seriously. The nice thing is that there are HIPAA training courses out there to help. I really fear for those mHealth companies that choose to do nothing.

Certified HIPAA Security Professional

Doctor Explains Why He’s Avoiding EMR

Posted on I Written By

James Ritchie is a freelance writer with a focus on health care. His experience includes eight years as a staff writer with the Cincinnati Business Courier, part of the American City Business Journals network. Twitter @HCwriterJames.

Dr. Peter Kambelos likes being in solo practice because he can make all the decisions.

And for now, the internist has decided to keep using paper records.


It’s partially an economic decision. He doesn’t feel he can afford the switch to an EMR.

Politics might play a bit of a role, too. Kambelos, who is president-elect of the Academy of Medicine of Cincinnati, likes to keep the government out of his exam room.

Still, he doesn’t rule out going electronic in the not-too-distant future. After all, he’s a mid-career physician, and it would be absurd to think of sticking with analog charts forever.

Late adopters like Kambelos represent an opportunity for health IT vendors, but one that will be challenging to capitalize on. As I wrote previously, future EMR-industry growth will require more resources and creativity to achieve.

More than 50 percent of physician offices have adopted an electronic records system, according to the U.S. Department of Health and Human Services. Among family physicians, one group of researchers found, the number is likely to exceed 80 percent this year.

In an interview, Kambelos explained why he practices — and thinks — the way he does.

Tell me about your practice.

It’s a large internal medicine practice with many elderly patients. I take care of generations of people, grandparents to grandkids. We know our patients and their families, and they know us. This has been, and remains, our patients’ “medical home.” I have two employees and they work hard.

What is record-keeping like in your practice?

I’ve practiced with paper charts for 17 years and they work fine for me. Many are very thick and chock-full of years of valuable and pertinent data. But I have my patients’ histories in my head and don’t need to be chained to a paper chart or an EMR to provide them with outstanding medical care and supervision. Most doctors who really know their patients can say the same.

Have you seriously considered moving to an EMR, and why?

Yes, for the supposed improved efficiency once fully implemented.

Are the Meaningful Use incentives much of a motivator?

Zero. The government is the biggest obstacle to health care delivery in this country.

Do vendors often reach out to you?

Periodically, we receive in-person and virtual solicitations. It happens a couple of times a month, perhaps.

Why haven’t you made the shift?

One reason and one reason only: the cost of making the transition, both in terms of my limited productivity during such a transition and the inherent labor costs in so doing.

In your view, what is the primary shortcoming of the systems out there?

Lack of interoperability. As I understand it, most EHRs don’t interface such that data across hospital systems is readily available to any given user.

What should EMR companies know about doctors like you?

We don’t fear, but rather embrace, new technology. But we work on tight budgets and cannot absorb the costs associated with transitions like this. Federal grants come nowhere near covering these costs and come with too many strings attached.